Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2308 | 1 Microsoft | 1 Ie | 2008-09-05 | 7.5 HIGH | N/A |
| The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg. | |||||
| CVE-2005-2306 | 1 Macromedia | 2 Coldfusion, Jrun | 2008-09-05 | 3.7 LOW | N/A |
| Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users. | |||||
| CVE-2005-2305 | 1 Dg | 1 Remote Control Server | 2008-09-05 | 7.5 HIGH | N/A |
| DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow. | |||||
| CVE-2005-2286 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 10.0 HIGH | N/A |
| WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. | |||||
| CVE-2005-2285 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration. | |||||
| CVE-2005-2284 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors. | |||||
| CVE-2005-2283 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 2.1 LOW | N/A |
| WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file. | |||||
| CVE-2005-2282 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors. | |||||
| CVE-2005-2271 | 1 Alexander Clauss | 1 Icab | 2008-09-05 | 2.6 LOW | N/A |
| iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
| CVE-2005-2259 | 1 Usanet Creations | 6 Domain Name Auction, Makebid Auction Deluxe, Makebid Auction Standard and 3 more | 2008-09-05 | 10.0 HIGH | N/A |
| The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter. | |||||
| CVE-2005-2258 | 1 Squitosoft | 1 Squito Gallery | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter. | |||||
| CVE-2005-2256 | 1 Phppgadmin | 1 Phppgadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter. | |||||
| CVE-2005-2255 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php. | |||||
| CVE-2005-2253 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description. | |||||
| CVE-2005-2252 | 1 Gianluca Baldo | 1 Phpauction | 2008-09-05 | 7.5 HIGH | N/A |
| PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID. | |||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | |||||
| CVE-2005-2249 | 1 Jinzora | 1 Jinzora | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. | |||||
| CVE-2005-2248 | 1 Sven-ove Bjerkan | 1 Downloadprotect | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder. | |||||
| CVE-2005-2243 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. | |||||
| CVE-2005-2242 | 1 Cisco | 1 Call Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). | |||||